package com.wcx.application.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                // 禁用CSRF保护（如果不需要）
                .csrf(csrf -> csrf.disable())
                // 配置HTTP安全
                .authorizeRequests()
                // 允许所有请求，无需授权
                .anyRequest().permitAll()
        ;

        // 在Spring Security 6中，你不需要显式调用build()，因为@Bean方法已经返回了SecurityFilterChain

        return http.build(); // 如果你使用的是早期版本的Spring Security，并且需要显式构建FilterChain，则保留这行代码
    }
}